02-22-2020 12:21 PM
Hi All,
Tearing out the hair. I have an EIGRP setup that appears fine, I can ping every VLAN address from every switch, but when I connect anything to the VLAN nothing communicates, you can ping from the switch to an address in the switches but not to or from a port on the switch - ???
The ports are configured for access, the EIGRP routes seem fine, all adjacencies are fine and reporting no issues and yet no traffic moves.
Switch 1 (9300)
Switch#sh ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
D     192.168.9.0/24 [90/28416] via 10.10.10.17, 00:53:09, GigabitEthernet1/0/23
D     192.168.12.0/24 [90/28416] via 10.10.10.26, 00:51:38, GigabitEthernet1/0/24
Switch 2
Nexus1#sh ip route eigrp
D    192.168.9.0/24 [90/30976] via 10.10.10.25, 00:54:29, FastEthernet0/23
     10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
D       10.0.0.0/8 is a summary, 00:54:07, Null0
D       10.10.10.16/30 [90/30720] via 10.10.10.25, 00:54:29, FastEthernet0/23
Switch 3
Nexus2#
Nexus2#sh ip route eigrp
D    192.168.12.0/24 [90/30976] via 10.10.10.18, 00:55:51, FastEthernet0/23
     10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
D       10.0.0.0/8 is a summary, 00:57:30, Null0
D       10.10.10.24/30 [90/30720] via 10.10.10.18, 00:57:27, FastEthernet0/23
Ignore the 'Nexus / FastEthernet' - these are my test boxes - can't afford Nexus units as test boxes so I'm making do with a pair of 3650's
The 9300's are real however and what I need to get working - they will be talking to 'real' Nexus 3000's.
Why would I be able to ping from inside the switch but not outside ?
What am I missing (I haven't touched IOS since 2018 !!)
02-22-2020 01:20 PM
Hello,
--> Tearing out the hair. I have an EIGRP setup that appears fine, I can ping every VLAN address from every switch, but when I connect anything to the VLAN nothing communicates, you can ping from the switch to an address in the switches but not to or from a port on the switch - ???
Can you post a schematic drawing showing your topology, and what you can and cannot ping ?
02-22-2020 01:41 PM
Nexus2#ping 192.168.12.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Nexus2#ping 192.168.12.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Nexus2#ping 192.168.12.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
This ping was sent from Nexus2 which is VLAN 9, I can ping the IP of VLAN12 which is in Nexus 1 but I can't ping PC's attached to Nexus 1 even though the ports are configured for VLAN 12 access, the PC's on nexus 1 cannot ping the VL 12 IP address - the ports are up, VL 12 is up ....
02-22-2020 02:07 PM
Odd indeed. Can the hosts in Vlan 12 ping their own default gateway, 192.168.12.254 ?
02-22-2020 02:09 PM
No they can't which is why it is so perplexing ... but they can ping other devices in their network ....
02-22-2020 02:11 PM
Hello,
try and configure 'no auto-summary' under the EIGRP processes of your switches...
02-22-2020 02:14 PM
I shall try - thought that was the default these days ?
I'm starting to wonder if I'm not fighting some windows firewall BS ....
02-22-2020 02:21 PM
Well the devices in VL 12 can now ping the gateway, and they can't see VL 9 which is good, the problem remains on the stub which needs to see all but can still only ping the gateways.
Been at this all day - the head's melted.
02-22-2020 02:30 PM
Hello,
post the full configs of your switches, otherwise it is just guesswork. Windows firewall could be an issue though...
02-22-2020 02:51 PM - edited 02-22-2020 03:09 PM
Nexus 1 (done in a Catalyst for now as I have no Nexus to hand)
hostname Nexus1
ip routing
int ra fa0/1 -6
 switchport mode access
 switchport access vl 12
 no shut
 exit
vl 12
 name VLAN12
 state active
 exit
int vl 12
 ip address 192.168.12.254 255.255.255.0
 no shut
 ip pim sparse-dense-mode
 ip pim state-refresh origination-interval 60
ip forward-protocol udp 161
ip forward-protocol udp 162
ip forward-protocol udp 123
int fa0/23
 no switchport
 ip address 10.10.10.26 255.255.255.252
 no shut
router eigrp 10
 network 10.10.10.24 0.0.0.3
 network 192.168.12.0 0.0.0.255
Nexus 2 - same remark as above
hostname Nexus2
ip routing
int ra fa0/1 -6
 switchport mode access
 switchport access vl 9
 no shut
 exit
vl 9
 name VLAN9
 state active
 exit
int vl 9
 ip address 192.168.9.254 255.255.255.0
 no shut
 ip pim sparse-dense-mode
 ip pim state-refresh origination-interval 60
ip forward-protocol udp 161
ip forward-protocol udp 162
ip forward-protocol udp 123
int fa0/23
 no switchport
 ip address 10.10.10.17 255.255.255.252
 no shut
router eigrp 10
 network 10.10.10.16 0.0.0.3
 network 192.168.9.0 0.0.0.255
9300 Edge 1 (note I have used two copper ports from the catalysts to simulate the 10G fibre (no Nexus available))
interface GigabitEthernet1/0/23
 no switchport
 ip address 10.10.10.18 255.255.255.252
interface GigabitEthernet1/0/24
 no switchport
 ip address 10.10.10.25 255.255.255.252
interface TenGigabitEthernet1/1/3
 no switchport
 ip address 10.10.10.21 255.255.255.252
router eigrp 10
 network 10.10.10.16 0.0.0.3
 network 10.10.10.20 0.0.0.3
 network 10.10.10.24 0.0.0.3
9300 Stub (not yet configured as a stub - I want to get it working first)
interface GigabitEthernet1/0/1
 switchport access vlan 9
interface GigabitEthernet1/0/2
 switchport access vlan 9
interface GigabitEthernet1/0/3
 switchport access vlan 9
interface GigabitEthernet1/0/4
 switchport access vlan 9
interface GigabitEthernet1/0/5
 switchport access vlan 10
interface GigabitEthernet1/0/6
 switchport access vlan 10
interface GigabitEthernet1/0/7
 switchport access vlan 10
interface GigabitEthernet1/0/8
 switchport access vlan 10
interface GigabitEthernet1/0/9
 switchport access vlan 12
interface GigabitEthernet1/0/10
 switchport access vlan 12
interface GigabitEthernet1/0/11
 switchport access vlan 12
interface GigabitEthernet1/0/12
 switchport access vlan 12
interface TenGigabitEthernet1/1/1
 no switchport
 ip address 10.10.10.22 255.255.255.252
interface TenGigabitEthernet1/1/2
 no switchport
 ip address 10.10.10.34 255.255.255.252
router eigrp 10
 network 10.10.10.20 0.0.0.3
 network 10.10.10.28 0.0.0.3
There are no policies in place, everything else is 'out of the box' config currently so these are pretty much the only items changed. The vlans are defined in the stub, the routing table from the stub is below, the vlans have no ip address but do have the VLAN (gateway) IP address as a helper address.
Switch#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
      10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
D        10.10.10.16/30 [90/28416] via 10.10.10.21, 00:27:05, TenGigabitEthernet1/1/1
C        10.10.10.20/30 is directly connected, TenGigabitEthernet1/1/1
L        10.10.10.22/32 is directly connected, TenGigabitEthernet1/1/1
D        10.10.10.24/30 [90/28416] via 10.10.10.21, 00:27:05, TenGigabitEthernet1/1/1
D     192.168.9.0/24 [90/28672] via 10.10.10.21, 00:27:05, TenGigabitEthernet1/1/1
D     192.168.12.0/24 [90/28672] via 10.10.10.21, 00:27:05, TenGigabitEthernet1/1/1
Switch#shj vlan
         ^
% Invalid input detected at '^' marker.
Switch#sh vl
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0/13, Gi1/0/14, Gi1/0/15
                                                Gi1/0/16, Gi1/0/17, Gi1/0/18
                                                Gi1/0/19, Gi1/0/20, Gi1/0/21
                                                Gi1/0/22, Gi1/0/23, Gi1/0/24
                                                Te1/1/3, Te1/1/4, Te1/1/5
                                                Te1/1/6, Te1/1/7, Te1/1/8
9    VLAN09                           active    Gi1/0/1, Gi1/0/2, Gi1/0/3
                                                Gi1/0/4
10   VLAN10                           active    Gi1/0/5, Gi1/0/6, Gi1/0/7
                                                Gi1/0/8
12   VLAN12                           active    Gi1/0/9, Gi1/0/10, Gi1/0/11
                                                Gi1/0/12
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
9    enet  100009     1500  -      -      -        -    -        0      0
10   enet  100010     1500  -      -      -        -    -        0      0
12   enet  100012     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    -        0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0
Remote SPAN VLANs
------------------------------------------------------------------------------
Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
02-22-2020 03:14 PM
Hello,
thanks for the configs. I'll need to lab this up, will get back with you...
02-22-2020 03:25 PM
Really appreciate it,
This is the vlan definition in the stub, forgot to copy it. Nobody connects to the 9300 edge 0 they are simply there to provide connectivity into the Nexus boxes (the 9300's are a late design change or we would have added more fibre ports to the Nexus 3000's)
vl 9
 name VLAN09
 state active
vl 10
 name VLAN10
 state active
vl 12
 name VLAN12
 state active
int vl 9
 ip helper-address 192.168.9.254
int vl 10
 ip helper-address 192.168.10.254
int vl 12
 ip helper-address 192.168.12.254
02-23-2020 07:28 AM
Pretty sure I've got it figured - can't route a VLAN - i.e. can't have VL 12 at both ends of an EIGRP route, only way to have VL 12 in two locations is to use trunks which I don't want to do.
So I put the PC's into a new vlan, and it all works so far, the PC's can access the vlans as needed.
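Added example, not part of the original thread: a small Python check for the condition described in the last post, where the same VLAN number exists on two switches joined only by routed links, so hosts in one copy have no layer-2 path to the gateway SVI in the other. The topology data is constructed from the configs posted above; the labels "Edge" and "Stub" and all function names are illustrative.

```python
from collections import defaultdict

# Constructed from the configs posted in the thread (not captured data).
ACCESS_VLANS = {"Nexus1": {12}, "Nexus2": {9}, "Edge": set(), "Stub": {9, 10, 12}}
# SVIs that actually hold the gateway address: (switch, vlan) -> IP
GATEWAYS = {("Nexus1", 12): "192.168.12.254", ("Nexus2", 9): "192.168.9.254"}
# Layer-2 trunks as (switch_a, switch_b, allowed_vlans). Every uplink in the
# thread is a routed port ("no switchport"), so there are none.
TRUNKS = []


def l2_islands(vlan, access_vlans, trunks):
    """Group the switches that carry `vlan` into layer-2 connected islands."""
    members = {sw for sw, vlans in access_vlans.items() if vlan in vlans}
    adj = defaultdict(set)
    for a, b, allowed in trunks:
        if vlan in allowed:
            adj[a].add(b)
            adj[b].add(a)
            members |= {a, b}
    islands, seen = [], set()
    for start in sorted(members):
        if start in seen:
            continue
        island, stack = set(), [start]
        while stack:
            sw = stack.pop()
            if sw not in island:
                island.add(sw)
                stack.extend(adj[sw] - island)
        seen |= island
        islands.append(island)
    return islands


def orphaned_islands(access_vlans, gateways, trunks):
    """Return (vlan, switches) for each island that has no gateway SVI in it."""
    findings = []
    for vlan in sorted(set().union(*access_vlans.values())):
        for island in l2_islands(vlan, access_vlans, trunks):
            if not any((sw, vlan) in gateways for sw in island):
                findings.append((vlan, sorted(island)))
    return findings


if __name__ == "__main__":
    for vlan, switches in orphaned_islands(ACCESS_VLANS, GATEWAYS, TRUNKS):
        print(f"VLAN {vlan}: no layer-2 path to a gateway from {switches}")
```

With the posted configs, every VLAN on the stub is reported, because its access ports are separated from the gateway SVIs by routed hops. VLAN 10 is reported because no SVI for it appears in any config in the thread.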